Administration Application Installation

Post Installation Tasks

This section discusses the steps you need to take after installing the Administration Server.

Note: When installing, the administrator is usually logged in under a different account than the account on which the servers run when running as a service or daemon process. For this reason, it is important that the administrator ensure that the database client directories have appropriate permissions for the administration server user (asiadmin by default) to be able to access the database files. The inability of the administration server user to access the database files can result in services not being able to run or daemon processes or failing because they cannot access their database.

Installing the Policy Database Schema

Installing the Policy Database Schema

If you did not complete the final step in the installation program, installing the database schema, you must do that now. You only need to perform this step once. Before beginning this procedure, ensure that you have completed the following configuration and setup steps:

Set the current PATH environment variables.

For Windows:

Add product installation lib and bin directories (for example, WLES_HOME\lib and WLES_HOME\bin) to the PATH on Microsoft Windows.

For Sun Solaris and Linux:

Add product installation lib and bin directories (for example, WLES_HOME/lib and WLES_HOME/bin) to LD_LIBRARY_PATH on Sun Solaris.

Set the current PATH environment variables for your database.

For Oracle:

Ensure that the Oracle client is set up and configured as described in Setting Up and Administering the Database.
Ensure you can connect to the Oracle database server using command sqlplus (the Net Service Name, login ID and password).
For Windows, ensure that the PATH includes the BIN and DLL directory of the Oracle installation.
For Sun Solaris and Linux, ensure that the environmental variable ORACLE_HOME is set, $ORACLE_HOME/bin is in the PATH, and $ORACLE_HOME/lib is in the LD_LIBRARY_PATH.

For Sybase:

Ensure that the Sybase 12.5 client is set up and configured as described in Setting Up and Administering the Database.
In Windows, ensure that the PATH includes %SYBASE%\OCS-12_5\bin and %SYBASE%\OCS-12_5\dll. In Unix, ensure PATH includes $SYBASE/OCS-12_5/bin, and LD_LIBRARY_PATH includes $SYBASE/OCS-12_5/lib.
Ensure you can connect to the Sybase database server using command isql (the name of the database server, login ID and password).

Installing the Policy Database Schema on Windows

To install the policy database schema in a Microsoft Windows environment:

Change to the active directory in which to install the database schema, for example:

cd \bea\wles42-admin\bin

To install the database:

For an Oracle database, type: install_schema_oracle.bat server dblogin dbpassword enterprise_domain [policyowner]
For a Sybase database, type: install_schema_sybase.bat server database dblogin dbpassword enterprise_domain [policyowner]
Where: server—The name of the Oracle net service name or Sybase server name. database—The name of the Sybase database. dblogin—The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username). The policy owner is a database user name or user ID that controls the database schema in the database instance. dbpassword—Password to use to access the database; the password for the database administrator. enterprise_domain —The name of the enterprise domain. The enterprise domain name is used to link all the components and is referred to as the Enterprise Domain Name when you installed the Administration Application. [policyowner] —The Owner of the tables/schema in the policy database.

For more information on the database schema installation, examine the install_schema_oracle.log or install_schema_sybase.log in the log directory.

Installing the Policy Database Schema on Sun Solaris

To install the policy database schema in a Sun Solaris platform:

Change to the active directory in which to install the database schema, for example:

cd /bea/wles42-admin/bin

Locate the script install_schema_dbtype.sh

Important: Make sure all scripts in this directory have execute permission.

To install the database:

For an Oracle database, type: install_schema_oracle.sh server dblogin dbpassword enterprise_domain [policyowner]
For a Sybase database, type: install_schema_sybase.sh server database dblogin dbpassword enterprise_domain [policyowner]
Where: server—The name of the Oracle net service name or Sybase server name. database—The name of the Sybase database. dblogin —The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username). The policy owner is a database user name or user ID that controls the set of database schema in the database instance. dbpassword—The password to use to access the database; the password for the database administrator. enterprise_domain - Name of the enterprise domain. The enterprise domain name is used to link all the components and is referred to as the Enterprise Domain Name when you installed the Administration Application. [policyowner] —The owner of the tables/schema in the policy database.

For more information on the database schema installation, examine the install_schema_oracle.log or install_schema_sybase.log in the log directory.

Installing the Policy Database Schema on Linux

To install the policy database schema in a Linux platform:

Change to the active directory in which to install the database schema, for example:

cd /bea/wles42-admin/bin

Locate the script install_schema_dbtype.sh

Important: Make sure all scripts in this directory have execute permission.

To install the database:

For an Oracle database, type: install_schema_oracle.sh server dblogin dbpassword enterprise_domain [policyowner]
For a Sybase database, type: install_schema_sybase.sh server database dblogin dbpassword enterprise_domain [policyowner]
Where: server—The name of the Oracle net service name or Sybase server name. database—The name of the Sybase database. dblogin —The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username). The policy owner is a database user name or user ID that controls the set of database schema in the database instance. dbpassword—The password to use to access the database; the password for the database administrator. enterprise_domain —The name of the enterprise domain. The enterprise domain name is used to link all the components and is referred to as the Enterprise Domain Name when you installed the Administration Application. [policyowner] —The owner of the tables/schema in the policy database.

For more information on the database schema installation, examine the install_schema_oracle.log or install_schema_sybase.log in the log directory.

Starting and Stopping Processes

After you have installed the Administration Application, you must start the necessary processes by running the appropriate batch or shell scripts. On Windows, you can start these processes as services from the Programs menu or as commands from a console window.

For instructions on how to start and stop the required processes, see Starting and Stopping Processes in the Administration Application Guide.

Logging into the Administration Console

At this time, you can log into the Administration Console and check that all the components are working correctly. For descriptions of the process that is running, see Starting and Stopping Processes in the Administration Application Guide.

To start the Administration Console:

Open Internet Explorer.

To ensure that your transactions are securely encrypted, the Administration Console uses two-way Secure Socket Layers (SSL) to communicate with your Administration Server.

Open the URL for your Administration Console:

https://hostname:port/asi

Where: hostname is the Domain Name Server (DNS) name or IP address of the Administration Server. port is the port number through which the Administration Server is connected. asi is the name of the Enterprise Domain (that you assigned during the installation procedure).

When the login page appears, enter the username and the password granted to one of the security roles with a login privilege and click Sign In. If you are using the default username and password, enter system (username) and weblogic (password). This is the default administrator configured on install and should only be used for the initial login.

Several security certificate verification dialog boxes appear. Check OK on each one. If you do not have the proper version of the JRE installed, then on the first attempt, the console prompts you to install it.

Once you have started the console, you should set up additional administrative users or configure an Authentication provider to authenticate console users to an external authentication source such as LDAP or Microsoft Windows NT and update the administration policy accordingly, as described in Changing the System Password.

Note: The Administration Console allows administrators to edit configurations or perform other operations based on security roles granted by the administration policy. If your security roles do not permit editing of configuration data, for example, the data is displayed in the Administration Console but is not editable. If you try to perform an operation that is not permitted, the Administration Console displays an Access Denied.

Changing the System Password

During installation, a system username and password are defined for use when you first start the console. To change the system password, you must change it in the Administration Console and boot.properties file and run the asipasswd Utility (asipassword.bat) to update the password.xml and password.key files.

Note: BEA recommends changing the system password that was set during installation. Each Administration Application deployment must have a unique password. For additional information on how to begin using the Administration Console, see the online help.

To change the system password, perform the following steps:

Start the Administration Console and open the Identity folder.

The Identity page displays the name of each directory available.

Select the WLES directory, click Users, and then select System.

The Users page displays one user named System.

Click Edit and click Set Password.

In the Old Password text box type the current password. (The default password set during installation is weblogic.)

In the Password text box, type the new password for the System user, confirm the password in the Confirm text box, and click OK.

Open the boot.properties file located at BEA_HOME\wles42-admin\asiDomain, delete the encrypted text in the username and password fields, enter system in the username field and the new password in the password field, and save the file.

To update the system password in the password.xml file, perform the following steps to run the asipasswd Utility:

Open a command window, go to BEA_HOME\wles42-admin\bin, and enter the following command:

asipassword.bat system ..\ssl\password.xml ..\ssl\password.key

When prompted, enter and confirm the new password.

Restart the Administration Application server and login into the Administration Console using the new password.

Fine Tuning your Application

WebLogic Enterprise Security provides certain security properties that control the behavior of the Web Service client bindings and socket pooling routines. These properties effect how WebLogic Enterprise Security performs under load and allow you to fine tune the machine of which the application is running.

To improve performance, you can configure the Web Service client HTTP/HTTPS bindings and socket pooling routines to control how the socket pooling behaves. These properties can either be set in a file called security.properties located on the local machine, in the working directory, or can be passed as Java system properties using the command line (-D) argument.

wles.webservice.pool.MinimumPoolSize

Sets the minimum size of the socket pool. The socket pooling routines create new sockets if the size of the pool ever drops below this number. The default value is 0.

wles.webservice.pool.InitialPoolSize

Sets the initial size of the socket pool. At creation time, the pool populates the socket pool with this number of connections. The default value is 0.

wles.webservice.pool.MaximumPoolSize

Sets the maximum size of the socket pool. The socket pooling routines ensure that the pool never grows larger than this number. The default value is the number of active threads in the JVM at pool creation time.

wles.webservice.pool.PoolDeltaSize

Sets the number of sockets that can be added to or removed from the pool at a given time. The default value is 1.

wles.webservice.pool.SocketInactivityTimeout

Sets the amount of time (in seconds) before an inactive socket is eligible for eviction from the socket pool.

wles.webservice.http.RequestTimeout

Sets the amount of time (in milliseconds) before a blocking that a Web Service read operation generates a timeout. If the value of this property is 0, read operations block indefinitely. The default value is 0.

wles.webservice.http.SocketPoolingEnabled

Disables or enables socket pooling. If disabled, a Web Service client creates a new socket for each request. The default value is true.

Warning: BEA strongly discourages the disabling of socket pooling.

What's Next?

Now that you have successfully installed the Administration Application, you are ready to install your Security Service Modules and deploy your security configurations and policies.

For instructions on how to install Security Service Modules, see the following documents:

Note: In a production environment, BEA recommends that you install your Security Service Modules on machines other than the machine on which the Administration Server is installed.

For instructions on how to design and write security policy to protect resources, see the BEA WebLogic Enterprise Security Policy Managers Guide. This document defines the policy model used by BEA WebLogic Enterprise Security, and describes how to import and export policy data.

For instruction on how to setup a metadirectory to extract user data from your user repository, see Configuring Metadirectories.